This module is used to find renamed methods and fields in decompiled apks.
- decompile the apk with apktool
- define a hookfinder.settings.js
- run the hookfinder to see which methods match the supplied signatures
Install hookfinder globally by using npm install -g hookfinder
- apktool
- node & npm
- basic understading of smali
This will produce a report and if some method has several matches you might specify an implementation filter. If there are multiple matches their implementations will be printed to the terminal.
apktool d base.apk
hookfinder find baseRun hookfinder --help to see this
Usage: cli [options] [command]
Commands:
find <base-folder> search in the specified directory
Options:
-h, --help output usage information
-V, --version output the version number
-s, --settings <settings-file> Specify settings
-v, --verbose Show stacktraces
The settings have two properties PACKAGE_BASE which describes the path to the targeted package root and targets which descibes the targeted classes and which fields and methods that are being sought after.
'model.Storage': { // folder 'model' and class 'Storage'
methods: [ // methods to look for
{
name: 'UnlockFeatures', // your description of the method
// this filter is for the method signature and return type
// https://github.com/JesusFreke/smali/wiki/TypesMethodsAndFields
filter: /\.method public (\w+)\(Ljava\/lang\/String;\)Z/g,
// this filter is for the method implementation
// here we're loking for any mention of 'features'
implementationFilter: /features/g
}
]
},